How to Check if the Workflow Initiator is in a SharePoint 2013 Group in a Workflow

In this post I will explain how to check whether the user who started the workflow is in a specific SharePoint group. This pertains to a SharePoint 2013 workflow built with SharePoint Designer.

The gist of the solution is to use the REST API to get a list of all the users in a SharePoint group. Once the list is retrieved, loop over the results, checking whether the current user matches a user in the results.

The REST API endpoints we will use are the following:

https://sharepointsite/_api/web/SiteGroups/
– REST endpoint to get all the groups on the site

https://sharepointsite/_api/web/SiteGroups/GetByID(ID#)/Users
– REST endpoint to get all the users for a specific group on the site

Steps to Creating the Workflow

First, access the https://sharepointsite/_api/web/SiteGroups/ REST API in a browser and examine the XML output. Find the group that you want to get the members of. Make note of its corresponding ID number.

Create a SharePoint 2013 workflow in SharePoint Designer.

Build a dictionary called RequestHeaders and add the following members to the dictionary:

Name: accept
Value: application/json; odata=verbose
Name: content-type
Value: application/json; odata=verbose

Add a REST call action and specify the URL as [%Workflow Context: Current Site URL %]/_api/web/SiteGroups/GetByID(ID#)/Users

Replace the ID# with the Group ID number we noted.

Set the HTTP Method to Get.

Right click on the REST call action and select Properties. Set the Request Headers field to the workflow variable RequestHeaders that we created earlier. Also, set the ResponseContent to a dictionary variable called ResponseContent.

Create an IF statement where we will check if the responseCode is equal to “OK”.

Inside the IF statement, make a get data from dictionary call. Set the path of the get to d/results from the dictionary called ResponseContent and output the content in a dictionary called ResponseItems.

Next, count the items in ResponseItems and output the count to NumOfResponseItems.

Create an integer variable called index, and set it to 0.

Create a loop that will loop for the NumOfResponseItems.

Inside the loop, get the value d/results(index)/LoginName and store it in the variable LoginName.

Now check if the variable “WorkflowInitiator” equals the LoginName. If it does, set a Boolean variable called IsUserGrantedAccess to Yes.

Finally, increment the index variable by 1, and output the result back into the index.

I used a stage condition where if the IsUserGrantedAccess is equal to yes, then perform the logic of the workflow, otherwise go to a Rejected stage where the Initiator is emailed that they do not have the appropriate access.

The end result should look something like below. I put the whole process into its own stage. In the stage transition I check if the IsUserGrantedAccess variable is set to Yes. If so, move onto whatever task you want the authorized user to perform, otherwise go to a Rejected stage where the Initiator is emailed stating they do not have access to perform the task.

[Screenshot: the complete workflow for checking whether the user has permissions]
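
The membership check built in the steps above, written out as JavaScript so the logic can be read and tested outside SharePoint Designer. This is an added example, not code from the original post: the function name checkInitiator and the sample response are constructed, and the PrincipalType handling goes beyond the workflow described, reporting directory security groups whose members the Users list does not expand.

```javascript
// Constructed sample of the odata=verbose body returned by
// /_api/web/SiteGroups/GetByID(ID#)/Users (all values are made up).
const sampleResponse = {
  d: { results: [
    { Id: 11, Title: "Jane Doe", LoginName: "i:0#.w|contoso\\jdoe", PrincipalType: 1 },
    { Id: 12, Title: "Finance Team", LoginName: "c:0+.w|s-1-5-21-constructed", PrincipalType: 4 },
  ] },
};

// Hypothetical helper mirroring the workflow stage: access is denied by default
// and granted only when a LoginName in the group matches the initiator exactly.
function checkInitiator(responseCode, responseContent, workflowInitiator) {
  const outcome = { isUserGrantedAccess: false, unexpandedGroups: [], reason: "" };

  // The IF on responseCode: any other status leaves access denied.
  if (responseCode !== "OK") {
    outcome.reason = "REST call failed: " + responseCode;
    return outcome;
  }

  // "Get d/results from ResponseContent"; a malformed body also leaves access denied.
  const items = responseContent && responseContent.d && responseContent.d.results;
  if (!Array.isArray(items)) {
    outcome.reason = "d/results missing from response";
    return outcome;
  }

  // The loop over NumOfResponseItems with the index variable.
  for (let index = 0; index < items.length; index++) {
    const entry = items[index];
    if (entry.LoginName === workflowInitiator) {
      outcome.isUserGrantedAccess = true;
    } else if (entry.PrincipalType === 4) {
      // PrincipalType 4 is a directory security group placed in the SharePoint
      // group. Its members are not listed individually, so the LoginName
      // comparison can never match them; record it for review instead.
      outcome.unexpandedGroups.push(entry.Title);
    }
  }

  outcome.reason = outcome.isUserGrantedAccess
    ? "initiator listed in group"
    : "initiator not listed in group";
  return outcome;
}
```

A denied result with a non-empty unexpandedGroups list means the initiator may still hold access through a nested directory group that this check cannot see.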

For more information about the groups API, please see Microsoft’s documentation.

https://msdn.microsoft.com/en-us/library/office/dn531432.aspx
